Affected Products:
CiscoWorks Wireless LAN Solution Engine software version
2.12 and prior
Summary:
CiscoWorks WLSE is a centralized application that manages
and controls an entire autonomous Cisco WLAN infrastructure.
Two vulnerabilities exist in the WLSE appliance. The first
is a cross-site scripting vulnerability that may allow an
attacker to gain system rights on vulnerable systems. The
second is a local privilege escalation vulnerability that
may allow an attacker to escalate his/her privileges.
BSST's Suggestions:
1. According to Cisco: “[When considering software
upgrade], customers should exercise caution to be certain that
the devices to be upgraded contain sufficient memory and that
current hardware and software configurations will continue to
be supported properly by the new release.”
2. According to Cisco, there are no workarounds for these
vulnerabilities. Users may consider upgrading vulnerable
applications to WLSE version 2.13. Fixed software can be
downloaded at:
3. Watch pattern release notices from Broadweb and keep
patterns up-to-date.
Reference:
Cisco's security advisory:
http://www.cisco.com/warp/public/707/cisco-sa-20060419-wlse.shtml
Broadweb Security Service Team (BSST) - Empower Your
Network Security. Broadweb NetKeeper Intruder Prevention System
delivers protection against intrusion, worms, DDoS,
instant messaging, P2P, Web-Mail, and Web Post.
Note:
This document is provided on an “as is” basis and does
not imply any kind of guarantee or warranty. Your use of the
information in this document or in materials linked from the
document is at your own risk. BroadWeb reserves the right to
update this document at any time.